<span style="font-family: Arial; font-size: 13px;">File perms are OK<br><br>tools.ext-lnk-discover@tools-login:~/www$ ls -ld cgi-bin/<br>drwxrwsr-x 2 tools.ext-lnk-discover tools.ext-lnk-discover 4096 Sep 22 18:13 cgi-bin/<br><br>tools.ext-lnk-discover@tools-login:~/www/cgi-bin$ ls -l<br>-rwxr-xr-x 1 tools.ext-lnk-discover tools.ext-lnk-discover 29 Sep 21 21:54 server.sh<br><br>I'm using server.sh as a simple test case to report this bug. The problem exists for Perl scripts also. And there are other accounts on Tools using .sh via CGI see for example <br><br>/data/project/catmonitor/.lighttpd.conf<br><br>--<br>GreenC<br><br>On 9/22/2014 at 2:56 PM, "John" <phoenixoverride@gmail.com> wrote:<blockquote style="border-left:solid 1px #ccc;margin-left:10px;padding-left:10px;"><div dir="ltr">.sh scripts are evil and should never be run via the web. .sh are backend tools. I would look into either php or python. If you use python I can lend a hand. Otherwise Look at file permissions 403 typcially means that the webservice cannot read the file<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 22, 2014 at 2:36 PM, <span dir="ltr"><<a>nejuje6tpztluvolq@nym.hush.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;margin:0 0 0 .8ex;"><span style="font-family:Arial;font-size:13px;">Hello,<br><br>I've been trying to get this to work for days and am running out of ideas. <br><br>Attempting to accomplish something simple: Run a /bin/sh script via CGI <br><br>The script is called server.sh and contains this:<br><br> #!/bin/sh<br> echo "Hello World<br>"<br><br>It resides in /data/project/ext-lnk-discover/public_html/cgi-bin/server.sh<br><br>The .lighttpd.conf is <br><br> debug.log-request-handling = "enable" <br> static-file.exclude-extensions += ( ".sh" )<br> $HTTP["url"] =~ "^cgi-bin" {<br> cgi.assign = ( "" => "" )<br> }<br><br><br><a target="_blank" href="http://tools.wmflabs.org/ext-lnk-discover/cgi-bin/server.sh" onclick="window.open('http://tools.wmflabs.org/ext-lnk-discover/cgi-bin/server.sh');return false;">http://tools.wmflabs.org/ext-lnk-discover/cgi-bin/server.sh</a> <br><br>returns "403 Forbidden"<br><br>The Lighttpd error.log is long, located in /data/project/ext-lnk-discover/error.log, but the last two lines:<br><br>2014-09-22 18:10:19: (mod_compress.c.683) -- handling file as static file<br>2014-09-22 18:10:19: (mod_staticfile.c.389) -- NOT handling file as static file, extension forbidden<br><br>This would suggest .sh extension is the problem, but I changed the name to .fcgi or whatever doesn't matter get the same error.<br><br>Maybe I need to use FCGI? New .lighttpd.conf:<br><br> fastcgi.server += ( "/" =><br> ((<br> "socket" => "/tmp/ext-lnk-discover-server.sock",<br> "bin-path" => "/data/project/ext-lnk-discover/public_html/cgi-bin/server.sh",<br> "check-local" => "disable",<br> "max-procs" => 1,<br> ))<br> )<br><br>Error.log now shows:<br><br>2014-09-22 18:21:20: (mod_fastcgi.c.1104) the fastcgi-backend /data/project/ext-lnk-discover/public_html/cgi-bin/server.sh failed to start:<br>2014-09-22 18:21:20: (mod_fastcgi.c.1108) child exited with status 0 /data/project/ext-lnk-discover/public_html/cgi-bin/server.sh<br>2014-09-22 18:21:20: (mod_fastcgi.c.1111) If you're trying to run your app as a FastCGI backend, make sure you're using the FastCGI-enabled version.<br>If this is PHP on Gentoo, add 'fastcgi' to the USE flags.<br>2014-09-22 18:21:20: (mod_fastcgi.c.1399) [ERROR]: spawning fcgi failed.<br>2014-09-22 18:21:20: (server.c.938) Configuration of plugins failed. Going down.<br><br>(this happens on webserver restart)<br><br>------------<br><br>I've tried other scripts: bash, Perl and csh with same results.<br><br>I'm beginning to think the problem is security, perhaps a jailed shell on the Grid? Any help appreciated!<br>Thanks,<br>GreenC<br></span><br>_______________________________________________<br>
Labs-l mailing list<br>
<a>Labs-l@lists.wikimedia.org</a><br>
<a target="_blank" href="https://lists.wikimedia.org/mailman/listinfo/labs-l" onclick="window.open('https://lists.wikimedia.org/mailman/listinfo/labs-l');return false;">https://lists.wikimedia.org/mailman/listinfo/labs-l</a><br>
<br></blockquote></div><br></div></blockquote></span>